Skip to main content

tv   Automotive Cybersecurity Mary Barra Remarks and Panel Discussion  CSPAN  November 17, 2016 2:44am-3:50am EST

2:44 am
sector. consider that under her leadership in the last year alone gm launched the sharing service and purchase cruise automation and invested $500 million and announced the upcoming launch of the chevy bolt in our hall today and a particular relevance on gm was the first major car manufacturer to form a disclosure program. that mary's the ceo would open today's conference. . ladies and gentlemen, please welcome to the stage. the chairman and ceo of general motors mary bara.
2:45 am
>> good morning, everyone. >> i also want to thank senator peters, and commissioner mcsweeney and academic leaders that are here or will be spending time with us today for this very important topic. this event underscores the importance of bringing together leaders to examine the state of automotive cyber security and explore ways to strengthen our mutual cyber defenses. it points to solutions facing
2:46 am
society today around the world consumers increasingly expect to have constant and seemless connectivity. there will be 50 billion and child on the planet. it's now a global phenomenon even high end clothing and jewelry and the trend toward sustainable living and environmentally friendly policies are as important now as in the growth of urban population centers. by 2020 projections are there will be 41 local mega cities with populations above 10 million that's up from 28 today.
2:47 am
i believe the auto industry will change more in the next five years than it has in the last 550. and at gm we are excited to be in the leadership role. in the area of connectivity gm's on star service responded to 1.3 billion consumer requests since we launched the service 20 years ago. we expect to have our global volume connected. this is the beginning of where connectivity will take us in the future as we work to expand and improve the customer experience both inside and outside of the vehicle. around the world car and ride sharing services are also expanding.
2:48 am
locally there's shared and today. and at gm we combined a number earlier this year under a single brand maven. we now have half a dozen programs as well as germany and china and brazil and more launches on the way we believe connectivity and ride sharing and autonomous vehicles will shape the future of personal mobility. the trend toward sustainability is veered in the industry's drive toward alternative propulsion. especially we electric vehicles and later this year we'll start the production of the all electr chevy bolt that is available for you to check out in the lobby and this will be
2:49 am
the first electric vehicle that cracks the code of affordability and a 200 mile plus range. traditional and non-traditional automotive companies are making substantial investments in autonomous driving and parts of the industry and this promises customers greater con veebs, lower cost and ill proved safety. taken together these trends are allowing gm and the auto industry to stretch the boundaries of what is possible for consumers. they're giving us unprecedented opportunities to develop vehicles that are more environmentally friendly. smarter and safer for our customers. it also creates challenges and one of the challenges is the issue of cyber security and make no mistake. cyber security is the foundation
2:50 am
to each of the technologies i have discussed. in addition to the rapid growth there are two additional factors that are contributing to cyber security risk for today's auto industry. and are stored and transmitted through the network. the other is complexity that opens up opportunities for those that want to do harm through cyberattacks. consider that cars on average have about 1 million lines of code. the volt introduced in late 2010 had about 10 million lines of code. that's more than an f-35 fighter jet. today the average car has more than 100 million lines of code and it won't be long before it surpasses 200 million. now we all want customers to take advantage of the technology
2:51 am
that is changing the automobile and opening up new experiences that onewere unimaginable but w want our customers and data to be safe and securehile they're using all of these new features it protects not only for physical safety of the customer but also their privacy and their data. and we used it not as an area for competitive advantage but as a concern in which the auto industry collective customers and the society at large are best served with an industry wide collaboration and sharing of best practices at gm we recognize that the threat landscape is continually evolving and sophisticated attacks are specifically designed to circumvent even the most robust system designs
2:52 am
whether it's fishing or spy ware or malware or ransomware. protect against the attacks and mitigate the consequences when and if they occur. it is a problem for every auto maker around the world. it's a matter of public safety and this is why general motors strongly supports the collaborative approach championed by secretary fox. the alliance of automobile manufacturers and the association of global auto makers and members of the auto w. mae cyber security a top
2:53 am
priority. and we have a senior executive running their cyber security team. and we have also taken a leadership position serving as vice chair. and we have made a very deliberate decision to embrace the relationship with the white hat research community. we launched a program that puts out a welcome back to researchers and cyber security experts inviting them to identify vulnerabilities in our systems this is an approach practiced for years and they're good at but few companies have embraced within the industry.
2:54 am
but we are committed to working with the research community to improve our cyber security posture. but while all the actions are important the single most significant commitment we have to make to cyber security at gm is to commit to collaborate with everyone here and to address our shared cyber security issues and concerns. yesterday they identified cyber security best practices for the industry. issued by secretary fox in january. i want to applaud these effects and the members of it. all of whom and get us where we are today. i'm extremely pleased to say and all recommendations. and implementing the actions and best practices out tps lined in
2:55 am
this document tomorrow. and call for a commitment and work together to mitigate cyber threats that present potential risks to our customers and society at large. and enhancing the atmosphere for everyone. and as we move forward. a very important point is its seriously effected and the auto industry has the opportunity to address cyber concerns before we experience a serious incident. we can work together today within the auto industry and
2:56 am
tomorrow and we can learn from companies and industries that have already addressed cyber threats on a large scale. i believe we can learn a lot from experience that can help the auto industry in front of cyber security before we face a fielded threat. so i believe we have an opportunity to work together today and in the months to come to move the industry forward many are disrupted.
2:57 am
i believe it is essential that leaders from a wide cross section of industries from automotive to defense to aerospace work together with government law enforcement, researchers and cyber security community to develop proactive solutions to the challenges that we all face and i believe we have a real opportunity to do that here today for the safety and security of our customers and of society in general. we need to make it an industry priority this summit is what we need more of. all of us working together to achieve what none of us can do on our own. i want to thank billington cyber security for their role in bringing us here today and i want to thank each of you for your commitment to being a critical part of this solution. let's work together to leverage
2:58 am
our collective strengths and knowledge to protect our customers their privacy every time they get in a car. thank you. >> now i'd like to introduce to you our next panel. the principle and the acting executive director. each of the panelists can please come up now. appreciate it. >> while they're coming up john
2:59 am
allen was the program manager for the effort to form the first automotive industry cyber threat and vulnerability and information sharing. as mrs. bara mentioned you may have seen again that just yesterday the members released a very important overview of the comprehensive automotive cyber security best practices. on this panel our top executives from general motors and toyota and honda as well as the founder. i'm amazed. and be on this stage.
3:00 am
and we're going to have a conversation. how you're going to mature as an industry. and security best practices but it's definitely a time and hopefully it will get something out of it. this isn't just about that it's about you all in the room and how we really protect the ecosystem as one team. many of you know who is on the industry.
3:01 am
and it's great to have you. thank you for flying in to be with us. our friendly on the panel. many of you know josh but you may not know that he's now come to d.c. to the dark side with s us. another board member at the end has really helped us develop it and then jeff that you heard mary talk about a minute ago. chief information security officer for general motors but also the vice chairman that's been a huge advocate and leader out there. but for just a minute, everybody
3:02 am
gets up the speed of where we're at. for those that don't know the automotive isac, the abbreviation because we love abbreviations in washington defendant c. is the information sharing and analysis center and there's a law that allowed it. they said you know what it kale together after a cyberattack. let's get together before something happens and let's start working together as an industry. and that took a year and it was one year ago this week that it was announced and it took awhile to get the organization up and running and we became fully operational capable in january of this year and started sharing
3:03 am
cyber threat vulnerabilities in what has happened in the environment. every company is doing amazing things and it really came down to how do we share best practices about what we're doing. you heard this is a competitive discipline and we came together as an industry and yesterday released the executive summary of what the best practices will look like and what the main play books will be. and 98% were about that. it is very critical to this entire endeavor so we expanded it and invited the supplier community. you may have seen press releases on that. if i try to name them i will miss one and get in trouble.
3:04 am
especially baseline across the entire industry. we did an exercise on how to share cyber threat intelligence. could never have imagined doing this two years ago and getting everybody in the room to share. so i don't want to go down the whole line. how is it going? have you seen the transition occur with information sharing over the past year? >> i think what you were talking about in organizing and coming together as an industry, the trust started there. just the fact that we could come together and understand what the common goal was and then transitioning that into this was not a competitive space for the industry. this was a collaborative space and so then taking that on to actu
3:05 am
actually formalizing it and sharing information and then yet another step of sharing best practices. so those best practices came from a lot of different places. came from outside the industry and came from within each member and that ability to share increased the trust and that's really key to anything we do and also to start bringing other folks into the fold. that trust and building that trust and that respect within the companies is important. >> can we declare success? can we spike the ball? we did it. >> almost. never done and you don't know what you don't know. it's a pair dock in all of this and fierce competitors. so to share is a new thing we're organized and communicating and working together and you used
3:06 am
the line and the attack on one is an attack on all of us an that's the way we stand united. it's great. so jeff is the vice chairman, how do you see the maturity levels? how do we work together as an industry to bring everybody up? we had some large oems that have a lot of resources. that are able to do this. dispersed geographically and complex supply systems. how do you really open up what you're doing in gm or share it across the industry with that culture? >> yeah i think that's the best part of the isac is we talked about being fierce competitors and we are. we compete for everything and it's not a competitive advantage so it's all the groups of people coming together and bringing the best to the table what they have and you see this, right? you see it in the best practices development.
3:07 am
best practices aren't becoming the least common denominator. what the auto industry can do. we are sitting around the table and all of us stronger in some areas and weaker in other areas but challenging each other to figure out what is the best thing that we can do for the safety and security of our customers. >> josh. what is the perception of this? how do you see the research in the future? it was our belief that it was almost exactly two years agatha we launched a cyber safety frame work and in that open letter to the auto ceos we said your masters and your domaine have
3:08 am
been perfecting safety for 100 years. and as a nice compliment you're seeing more collaboration among the suppliers but even if we capture all the best practices 100 of the fortune 100 companies have lost intellectual property and trade secrets.
3:09 am
it's critical. that promise of saving the 100 plus souls we lose every day due to human era. we want to see that happening
3:10 am
soon. >> we collaborated with consumer electronics and let's talk about disclosure. and i'm not going to dive into it too strong. and the lessons learned. we're experts in the automotive industry. those feeds coming in, consumer electronic areas and they all have lessons learned that we can benefit from and that's the premis of today. bring everybody together from all the different facets of industry and learn from each other to do what is best for our
3:11 am
customers? >> we have the deployed fleet that's overwhelming and less attackable. we have the fleet that we're doing a good job of best practices on with the available supply chain of built in and after market security and i.t. i hate the term best practice. we have good practices and we're looking for better and what i'm doing and future ind. and while it's important those are failures on current fleet. with the five star since all
3:12 am
systems fail the basic things were tell your customers how you avoid failure. it's in your best practice. tell your researchers you won't sue them for helping you avoid failure. how do you capture, study and learn from failure really poorly instrumented for evidence on cyber tampering. and it's going to take to 2025 before we can get those that we outlined and that won't be enough. what you guys are doing is amazing and we need to keep another eye on what we still need to do rnd build and pull into this ecosystem. >> i want to go to that point too. a little bit about the future best practices are looking on in a minute to make sure that we baseline, you're a japanese headquatered company. what is different about some of the organizations that you all
3:13 am
work with that might be different you have supply bases all over the world and deals all over the world. organizations all over the world. and places and developed automatically and you mentioned information. that's the other one. and academia can you give me some insight?
3:14 am
>> typically it's the u.s. and we think we need to engage and are engaging. >> and the challenges and all of that and to steve's point is how you pulled all the information in and then sort through.
3:15 am
>> step outside the automotive industry and security as a whole. it's a challenge because there's not a lot of people doing it. there's so much information and so many people doing this research either coordinated traditionally through a university or someone like that or independently. that's where you have seen a growth in coordinated schools or programs because there's people out there that can do this research. they don't know where to go so to coordinate that helps to bring it in and vet some of it. pulling that in is a challenge.
3:16 am
and we leverage the organizations to help do the research or commission the research down the road and that ultimately improves. >> go now. >> is it different now? do you know who to go to? >> i think we have some of that. and if you look at this headlights in night. somebody has an accident. and recall and research your
3:17 am
still reacting. and a vulnerability disclosure. you might get 3 months, six months, nine months, four years before this becomes a public thing so it really becomes -- if you want to get ahead of it you use this welcome mat. and i think high trust teammates now. >> jeff and i'll go to you steven. how do you disseminate the information? how do you avoid the noise.
3:18 am
you have to be able to take in all of that information and you have to figure out what is important. but there was a reference made for the isac and you have partners on different levels of maturity and what is happening is even if someone doesn't have a disclosure program today the people that do are sharing it within the isac we had a board of director meetings yesterday and ran our table top exercise.
3:19 am
and we're learning that more effectively as an industry. so bentley's point is very poignant. >> here is the big paradigm shift. in this business the information that you're receiving is old. you got a lot of information about what broke sifting through that and determining what went wrong and what do you do to change that? this is information about what might be broken, what might go wrong and that takes an entirely different way of thinking and an entirely different organization. there are people that stay up all night and intellectually energized by finding these kind of problems. why not welcome them in. >> that's great. >> that's true. >> to that point, how, the
3:20 am
cultur cultural. and when no one really talked. what has enabled the culture shift. >> it's the commonality. we all share decades of experience in the same business and over time i mention this sometimes. don't talk to him. don't talk to him. you're going to get in trouble. you're not going to get in trouble by talking to someone you have enormous things in common with. things change very quickly. and you were there too. >> yeah.
3:21 am
>> yeah. >> the conversation. >> it is -- it is changing in the mind shift it has changed because i think there's from all of those things that you said, right? but i think one of the core things whether it's government or researchers or whatever it is that really spawned this off is building and understanding and educating really everyone that yes this is a problem that might have been in the future, right? to steve's point we're good as an industry at knowing what has happened and then addressing that. now we're shifting to how do we know that something might happen and getting people to understand that that might happen? what has really done that is some of the research. some of the demonstrations that made it real. unfortunately it's made it real prior to this happening. >> given the conversation hi this week this just occurred to
3:22 am
me. if we want to have even more information and get even smarter faster if you watch recent events we had the first fatality with the self-driving car technology and one of the things that really piqued my interest is they're doing an investigation but so is ntsb. one of our five stars is do you have evidence capture? our car is instrumented to facilitate and aid in a safety investigation and that's one of the topics that is hard to do as an entire industry so we have a real gap in a vakcum to deal with privacy preserving but safety investigating supporting set of meaningful evidence capture. that might be after cash or data and tampering for months and hacking attempts across large fleets of vehicles and if we want to get across the current information sharing or proactive it's going to have to become a priority for us to get past all
3:23 am
the historical reasons we he haven't done this but that might be the next turn of the crank. not just sharing the information that we have. but ensuring that we have information to be best equipped as possible to detect and response to and avoid it. >> we're getting to a point with the information. >> that's an interesting discussi discussion. and you think about this.
3:24 am
it started a year ago and we sat down as a board and said we can't let this implode. it can't implode on itself. so it's been operational how we have gone about this. now strategic partners and suppliers and owl of these things. if you talk to the department of transportation. so i think it's really important that we go take our time. the intent by us is to show as an industry how are we coming together and how are we going to write best practices we haven't
3:25 am
completed them all yet the executive summary is informing how deep and how wide they'll cover so in releasing that document there's a lot of questions out there but we'll release our best practice guides. a couple of things have to happen first and we need the help to do that. the standards organizations announced they'll release the best practice document and we want to be informed by that document as well and it's really important. it's actually very quick in my opinion how fast we're moving in this case but we're doing it intentionally and being careful in how we're approaching this. so it's great. >> josh what parallels have you seen? you get a chance to play over in other areas.
3:26 am
>> cyber physical systems and safety and more progress working with the medical device field and public infrastructure. and it's amazing how in this industry and health care and medical devices between even aviation a little bit older. and things is a really diverse set of categories into that but there's all -- in some ways there's things this group can learn from what we have done with the food and strug administration. they put out their guidance and medical devices in january and in it they're very -- i'm here to see what they to with the pending recommendations. in it they're almost requiring
3:27 am
quarterly disclosure programs and if you can do a mitigation in 30 days or so you don't have to go through the painful process and it's a carrot shaped stick. they're trying to make sure that you don't need the heavy hand regulation and we should create more opportunities to take the best and brightest from the medical manufacturers like phillips and johnson & johnson and do the best and brightest from this community and we can learn from each other more overtly. >> that's great. >> you mentioned your meetings. sometimes you're in d.c. visiting. see you often. but what is the perception that what we're doing as an industry now with the isac and best practice what is your feeling of the perception of what we have
3:28 am
done here? >> it's changed 180 degrees in the last year. the regulators seeing the industry coming together and seeing concrete results. i welcome their comments about the release of the executive summary this week rand i think, you know, they lit the fire and the fire is taking off on its observe and that's a good thing. >> what do you think? >> it's been positive and maybe there's doubt as to how fast and how much it would be able to do. it's pretty impressive. >> how deep are they going to go? are we going to talk about giving the electrical architecture that every car should have? where is the line on this thing?
3:29 am
are we going to go down to ecu diagrams? what does it look like right now i think that's very important. needs to be updatable and adaptable. we're all competitors and fierce competitors. what does that mean? we do things differently. that's important that we do things differently. at the same time the best practices have to be adaptable to what we do and how we do things in our companies but one thing to hit hard on that one and it's been something that has energized me is our activities and best practices. the idea of least common denominator is not what we're talking about in the isac. these are going to be hard to meet and that's important.
3:30 am
in fact i would even argue, josh you talked about data capturing. i'll relate that back to detection systems in the cyber security sense. we may put something in the technology that doesn't exist today to solve and what does that mean? that's great. it challenges us and challenges our partners out there to help us create the technology to solve the problem so that we can improve the security posture of our vehicles so all of the things put together is an ene y energizing activity. >> you can confirm this, we're not just looking at the seekels that have been on the road for ten years. we're looking at the next 20 as well. >> the uios aren't the problem really. it's going forward and the features that the market wants. and with that level of connectivity, disruption is not
3:31 am
acceptable. >> if we wrote best practices that we could all meet we would have failed and then we would just have to write more, right? so that's why there's more aspirational than they are achievable necessarily right now. >> you should all be commended for this because in other sectors and i'm on record saying about payment card industry. multiyear attack on them saying it was essentially the no child left behind act for information security. what they did is by focussing on specific controls with technology and threats that move so fast it was outdated and obsolete before the ink dried so i like that you're focussing on objectives instead of the specific controls that might meet themful that you're focused on something aspirational versus something in the rear-view mirror and i think that you're going to be helped and i agree with you that there aren't even available technologies for
3:32 am
these. the sad news is they are very connected. millions of lines of code. they are prone today and it will take us easily five to ten years to even touch some of these best practices. >> and it's all the way to architecture. >> you might at best get them so i like the aspirational approach. >> also it's important here and i'll take off the moderator roll is its not a compliance checklist. this isn't a compliance model and that's the mind set we have
3:33 am
gone into this. >> we should commend our regulator talked about a couple of times here around they're taking the same approach. it's the best practice approach. it's aspirational and adaptable best practices and very collaborative to work with the best practices. see if anybody wants to raise their hands. no cards. say that again tom. >> so if anyone could please write the questions on note cards. >> how do we pull them in and be a part of the conversation? what's a good way to be
3:34 am
connected? the awe motive website. ask. >> what's the way to get involved in the conversation if you're not already, steve. >> certainly go to the web site and contact us. go to the companies that you work with, vehicle manufacturers and get involved. >> okay. thank you. >> thank you. >> you know, partial answer is the very first -- we had about 35 phone calls in the first week after we published, two augusts ago and the first several were two one spirals. some of these hacked things we're not built by them, but we're having it fumble it is often complicated to introduce
3:35 am
them and supply chain. i think we need to push pass that very quickly. i'm working with many of the tear one suppliers and help them get a vuner ability technically or privately. this is an ecosystem, i don't want tous to have dropped ball. i high encourt and jury you to work out permission to participate in the program they're launching, but to maybe launch your own. >> if the future concept to be kind of vuner ability disclose sure program for the entire industry, is it going to be, coordinate disclose sure for everyone. your thoughts? >> i knew that. sure. i don't think that's ever going
3:36 am
to be the only place we get it from. i think it's going to be broader than that. we have to look at that as a really good source, certainly not the only source. >> well, and really, you know, talk about vuner ability disclose sure, the best relationship that can happen is between the researcher and the company they're working with. this is the place where everyone should learn what that oem and supplier is seeing based on that research an analyzing and sharing it with the industry. you talk about this, information sharing and analysis. we like to share information but takes the person who is knowledgeable about the design to analyze it and really provide actual -- i think how it can play a role until everybody has a program. i think in the end the program that each individual company is really important. >> yeah, i think it has to be back to high trust these companies are so different.
3:37 am
in having disclose sure program is not enough. you have to have the team that can field it, triage it, analyze it to process it to fix it. you'll want to set those terms. one will get the panel, you're getting to set the terms, the scope, the mechanisms in a way that you know you can handle. i would discourage over use as the point of contact. >> even coordinated disclose sure program. it's a great way and important way. but back to jeff's point, you'll have relationships and you need to have relationships directly with research as well. >> you need to do it soon, they make it so it's no longer a crime to research your own vehicles or medical devices as of october, ern if you don't want to have one, building muscles in capacity now with
3:38 am
your own program before a spike in the surge of bugs come in when the line is softened is probably a good idea. >> great question we didn't hit on, building the best practices, what standards are we looking at, what sae standards, was this done in a vacuum or did we look a t the standards to map them? but, steve? >> they're all in there if you read through the executive summary it will reference in each area some of the details that they're built upon. >> that's great. >> how did that go, i mean, why did we pick what standards, jeff, do you recall the -- and you're like in the room, too, as well. what standards did we look at. we'll give you a chance. >> you had any conversation with them. >> it was to get things that were out there, as an example in this framework. it was -- there was a lot of work that was put in that. it was vetted out quite a bit
3:39 am
over a couple of years and so that was a good one to look at and incorporating the other ones as well. we didn't want to say here are the best practices of what the members of the isac do. it's what else is there out there. any time you're building any kind of security platform or strategy or anything like that, you're not just looking at what you got, you're looking at everything else there's a lot of people that does a lot of work, they can kind of do the work for you in that sense when you're leveraging what they're doing. certainly it wasn't done in a vacuum, never was intended to. >> some great questions. we're not going to get them all, i've got more baseball cards. these are great questions. one thing i will answer, where do we go to get the executive summary today, if you can go to automotive executive summary is posted there.
3:40 am
it's actually facs there. but what -- what's the -- what do the oems, what do y'all expect them from the supplier on cyber security, sharing information. i mean, the suppliers have information about threats and vulnerabilities, what's the expectation? steve. >> we're working closely with our partners to put various requirements in place to have a strong security posture for our connected and safety critical systems that exist in our vehicles and the partnership with the supplier is extremely important ther
3:41 am
it's required to provide the right security posture. you know, secure life cycle development throughout the development of the product. and even when it's launched, it's out there for many years. that partnership is very important and i can't begin to talk about different ways. but it's absolutely important. i mean, the suppliers and the partners they're becoming members just like the oem, if you see things in your environment, you should be reporting it and sharing that intelligence and may not eflkt the manufacturer today. that doesn't mean it shouldn't be reported such that if you're in the future development of seasoning, that might be tangible to us as well. >> you mentioned life cycle and i think that's one of the biggest challenges because most things that are automobile over the life cycle, there's no intervention. you've got systems in the cars now and the cars last 20 years these days. things are going to require
3:42 am
changing and improvement and the development teams have to have that kind of history and experience. typically what happens is you have a development team they launch and move on. once you get past three and four years. it's hard to go through the organization to see who did what when you have to go back and fix something. with these technologies it's probably more so. >> you know, i'm not trying to put anybody on the spot. it strikes me beyond the oems for potential sources of threat and risks and harm and the people you're inviting in, one of the reasons we have the star number five is isolation are very critical systems or noncritical systems, one of your threat makers that may not be in your circle already, i call a government mandated back door, because a lot of these after market devices whether it's
3:43 am
verizon, these things you can buy kick starter size companies, once they're on tlar canvas and most of these vehicles, they have unbettered access to erg else, that may also be a source of vulnerability, threat, we might -- if you haven't already, we might want to factor in someway to factor it. >> first, we've been working with suppliers for a long time, right, we do that through safety requirements. through quality requirements and performance requirements, right? now, we're bringing that into security requirements and how do we test that and insure that. we're bringing in a new sort of nontraditional supplier, automotively traditional supplier of folks that are doing connectivity. there are people who have the pipe between the human, customer and the vehicle. so those are folks who are not typically thought of as automotive suppliers, bringing
3:44 am
them into the fold is also important. >> will we ever have a truly secure and safe car, 100% cyber secure. >> no. >> in our time? >> no. >> we focus on failure readiness, all systems fail. are you able to notice them, avoid them, work with others, respond to them, contain them, all systems fail. >> tooef? >> at any moment in time, yes. that's a second, millisecond, beyond that, no. >> no, i agree with josh, no such thing as 100% secure. >> i would go to # a%. >> strong security. >> can't engineer yourself way out of this. >> no discipline. >> great.
3:45 am
>> we had the privacy play. there's so much data on the vehicle coming on about our own personal lives, is that going to be considered as part of the best practices, have you looked at it in your world, josh, steve, you first. >> i was going to say that yes it is part of it. it's very important. i think there are two aspects to it. it's what you collect and what you do with it. that's the important part. because there's all kind of diagnostic information that's collected about the car. it's collected at the car level, what you do with it is important. >> all right. >> go ahead. >> i was going to say, what we did with the best practices was specific around protecting privacy, it is included in there. privacy is a component. it's information, specific types of information. >> i'm going to say something controversial on purpose. but i'm getting very frustrated. i love my privacy and i'd like
3:46 am
to be alive to enjoy it. and a concern i had in the preriff ri is becoming a more important concern. if we're not careful, we'll have corpses with the privacy intact. there are times when some of the desire to not share data, to not do intrusion detection, to avoid evidence capture and things like black box and ntsb for airplane, we need to be very mature and have very hard conversations and figure out the right balance because it's entirely possible that the the privacy advocates may delay the necessary architectural choice that is we have. i don't think it has to be a fight. if we aren't really aggressive and pushing through it we have to talk about what we want. >> i have a slogan for you, you can't embarrass a corpse.
3:47 am
>> if none of whey said discounts the importance of privacy. if you want a piece of contrast, on monday or tuesday, germany, probably the most privacy conscious country on earth is now puts out mandates for a black box for vehicles. it doesn't have to be identical to airplanes. if the most privacy conscious on earth realizes the importance on this. we have to have the conversation too, i'm willing to start helping that conversation. >> i'll relay it back to the best practices and cyber security posture. skbrosh, i think you talked about the privacy aspect, i'll leave that asaid. cyber security best practices is not just to provide safety for the customer, but also to keep their data private.
3:48 am
it's the same what keeps you safe and those are all encompassing the best practices. not easy to attain, but absolutely covered in the best practices so that we can learn from each or on how to do better. >> i think a private part is unsafe, we might get it right. >> sir, previous speaker said many times she's seen. we'll see more disruption in the next five areas than we've seen in the last 50 years. i've seen more disruchgs that you all have created in the last two years. thank you for your leadership. thank you for a great conversation and being part of it and continue to push the industry forward. i look forward to coming back and seeing how far we've gotten. thank you very much.
3:49 am
welcome everyone. we look to continue that kind of informative session and to really make this into a learning experience for everybody. we have an esteemed panel here. just to set the stage on cyber security and as we wrote about say 18 months ago, cyber security really hit our radar when a driver going 70 miles per hour in downtown experienced, despite not having touched a button on the dashboard, radio switched to hip-hop station and windshield wipers were going wiper fluid, everybody knows now about the two hackers involved with the jeep


info Stream Only

Uploaded by TV Archive on